A lightweight local service that signs PDFs using your PFX certificate. Integrates with any ERP or application via a simple REST API. Data never leaves your server.
Both builds are digitally signed and verified clean by VirusTotal across all major security vendors
Full-featured build for signing with PFX certificate files. Includes system tray, auto-start, and silent enterprise deployment options.
Server-compatible ELF binary for Linux environments. Ideal for on-premise ERP servers with headless signing requirements.
From download to first signed document in four steps
Extract the zip file and run SuTan-Sign-Op.exe. The utility starts a local REST server on port 7070 by default.
.\SuTan-Sign-Op.exe$env:OP_SIGNING_PORT = "8080"
.\SuTan-Sign-Op.exeCall the activate endpoint once with your license key and partner API key.
Invoke-RestMethod -Uri "http://localhost:7070/op/activate" `
-Method Post -ContentType "application/json" `
-Body '{"licenseKey":"ST-OP-XXXX-XXXX-XXXX-XXXX",
"partnerApiKey":"dgsk_..."}'Register your PFX file. Signing is blocked until at least one certificate is registered and approved.
Invoke-RestMethod -Uri "http://localhost:7070/op/register-pfx" `
-Method Post -ContentType "application/json" `
-Headers @{ "X-API-KEY" = "dgsk_..." } `
-Body '{"pfxPath":"C:\\Certs\\company.pfx",
"pfxPassword":"YourPassword",
"pfxLabel":"Company Certificate"}'Send documents to the sign endpoint as Base64. The signed PDF is returned as Base64 โ ready to save or send.
$pdfBase64 = [Convert]::ToBase64String(
[IO.File]::ReadAllBytes("C:\Docs\invoice.pdf"))
$body = @{
pdfBase64 = $pdfBase64
pfxPath = "C:\Certs\company.pfx"
pfxPassword = "YourPassword"
erpUsername = "Deepak Singh"
designation = "Director"
reason = "Approved"
location = "Hyderabad"
signatures = @(@{ page=1; x=50; y=700; width=200; height=60 })
} | ConvertTo-Json -Depth 4
$res = Invoke-RestMethod -Uri "http://localhost:7070/op/sign" `
-Method Post -ContentType "application/json" -Body $body
[IO.File]::WriteAllBytes("C:\Docs\invoice_signed.pdf",
[Convert]::FromBase64String($res.signedPdfBase64))unzip SuTan-Sign-Op-Linux-Final.zip
chmod +x SuTan-Sign-Op-signed
./SuTan-Sign-Op-signedOP_SIGNING_PORT=8080 ./SuTan-Sign-Op-signed[Unit]
Description=SuTan OP Signing Utility
After=network.target
[Service]
ExecStart=/opt/sutan/SuTan-Sign-Op-signed
Restart=always
Environment=OP_SIGNING_PORT=7070
[Install]
WantedBy=multi-user.targetsudo systemctl enable sutan-op
sudo systemctl start sutan-op
sudo systemctl status sutan-opcurl -X POST http://localhost:7070/op/activate \
-H "Content-Type: application/json" \
-d '{"licenseKey":"ST-OP-XXXX-XXXX-XXXX-XXXX",
"partnerApiKey":"dgsk_..."}'curl -X POST http://localhost:7070/op/register-pfx \
-H "Content-Type: application/json" \
-H "X-API-KEY: dgsk_..." \
-d '{"pfxPath":"/opt/certs/company.pfx",
"pfxPassword":"YourPassword",
"pfxLabel":"Company Certificate"}'# Step 1 โ Read the PDF and convert to Base64
PDF_B64=$(base64 -w 0 /path/to/invoice.pdf)
# Step 2 โ Send to the signing service
RESPONSE=$(curl -s -X POST http://localhost:7070/op/sign \
-H "Content-Type: application/json" \
-d "{\"pdfBase64\":\"$PDF_B64\",
\"pfxPath\":\"/opt/certs/company.pfx\",
\"pfxPassword\":\"YourPassword\",
\"erpUsername\":\"Deepak Singh\",
\"designation\":\"Director\",
\"reason\":\"Approved\",
\"location\":\"Hyderabad\",
\"signatures\":[{\"page\":1,\"x\":50,\"y\":700,
\"width\":200,\"height\":60}]}")
# Step 3 โ Decode and save the signed PDF
echo "$RESPONSE" | python3 -c "
import sys, json, base64
d = json.load(sys.stdin)
open('invoice_signed.pdf', 'wb').write(
base64.b64decode(d['signedPdfBase64']))
print('Signed PDF saved to: invoice_signed.pdf')"Default port is 7070. Override with the OP_SIGNING_PORT environment variable before starting the utility.
%APPDATA%\SuTanSign\op-utility\
~/SuTanSign/op-utility/
The utility automatically validates its license with the master server every 24 hours. No restart required. Quota usage is reported during each cycle.
Full interactive documentation for all four endpoints. Base URL: http://localhost:7070
All error responses follow the same JSON structure with an error field containing the error code or message
{
"error": "ERROR_CODE_OR_MESSAGE"
}| HTTP | Error Code | Endpoint | Cause | Action |
|---|---|---|---|---|
| 400 | licenseKey is required |
/op/activate | Missing licenseKey field in request body |
Include both licenseKey and partnerApiKey |
| 400 | partnerApiKey is required |
/op/activate | Missing partnerApiKey field |
Include your dgsk_... partner API key |
| 400 | pfxPath and pfxPassword are required |
/op/register-pfx | Missing required certificate fields | Provide both pfxPath and pfxPassword |
| 400 | pdfBase64, pfxPath, pfxPassword are required |
/op/sign | One or more required signing fields are missing | Ensure all three fields are present and non-empty |
| 400 | signatures list is required |
/op/sign | signatures array is empty or not provided |
Include at least one signature box definition |
| 401 | INVALID_OR_INACTIVE_LICENSE |
/op/activate | License key is incorrect, expired, or suspended | Verify the key format ST-OP-XXXX-XXXX-XXXX-XXXX or contact support |
| 402 | Quota exhausted |
/op/sign | All document credits have been used | Contact SuTan admin to purchase additional quota |
| 403 | License not active |
/op/register-pfx, /op/sign | License has not been activated on this machine | Call POST /op/activate first |
| 403 | License not active or expired |
/op/sign | License is expired or was not renewed | Re-activate with a valid key or renew your license |
| 403 | PFX_REJECTED_ORG |
/op/register-pfx, /op/sign | Certificate organisation does not match the whitelist | Use a certificate issued to the approved organisation, or contact admin |
| 403 | PFX_SLOT_REVOKED |
/op/register-pfx | This certificate was revoked by the admin | Contact your SuTan admin to reinstate or replace the certificate |
| 403 | NO_AVAILABLE_PFX_SLOTS |
/op/register-pfx | All licensed PFX slots are already in use | Contact admin to add more slots or free an existing slot |
| 403 | PFX_NOT_REGISTERED |
/op/sign | The specified PFX file has not been registered | Call POST /op/register-pfx for this certificate first |
| 500 | Registration failed: ... |
/op/register-pfx | PFX file not found at the specified path or wrong password | Verify the file path is absolute and the password is correct |
| 500 | Signing failed: ... |
/op/sign | PFX missing, wrong password, or the PDF is corrupt | Check the file path, password, and validate the source PDF |
| 503 | Network error message | /op/activate | Utility cannot reach the SuTan master server | Check internet connectivity and firewall rules for outbound HTTPS |
Signature box coordinates use PDF points (1 pt = 1/72 inch). The origin (0, 0) is at the bottom-left corner of the page. A standard A4 page is 595 ร 842 points.
| Position | x | y | width | height |
|---|---|---|---|---|
| Bottom-left | 50 | 50 | 200 | 60 |
| Bottom-right | 345 | 50 | 200 | 60 |
| Top-left | 50 | 750 | 200 | 60 |
| Top-right | 345 | 750 | 200 | 60 |
| Centre-bottom | 198 | 50 | 200 | 60 |